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Abstract — Side-Channel Analysis used for codebreaking could 
be used constructively as a probing tool for internal gates 
in integrated circuits. This paper outlines basic methods and 
mathematics for that purpose 

I. Introduction 

In recent times Side-Channel Attacks [2| have attracted 
a lot of attention from the information security community. 
These techniques are very similar to Spectroscopy(NMR) used 
over the years. While in spectroscopy, patterns in the light 
spectrum are used to detect the presence of atoms and its 
environments in an unknown substance, in a Side-Channel 
Attack the cryptanalyst looks for patterns in the power con- 
sumption or EM emission to detect the unknown key value. 
Apart from cryptanalysis, side-channel could be of great utility 
to an electrical engineer, as a probing tool more in line with 
spectroscopy used in physics. 

II. Power Consumption Model 

In this article we consider the Power Traces S(Ii, t) of 
a combinatorial circuit. That is it has no memory. It and 
are the i th and (i — l) th input to this block, and t is the time 
sample of the measured current from power supply. Power is 
only consumed when the input goes through a transition. The 
power trace is recorded for a time duration [0,T] where the 
transition is applied at t=0 and and T is any time after that 
when there is no further change in measured current. In this 
article we use a recursive model of power consumption. For 
purpose of illustration, we consider a block with N subblocks 
(see figure [T] 

A sub-block with N inputs is characterized by it's step 
current response as the input vectors undergoes a transition 
ij — > ik- Note that output loads are considered to be part of 
this sub-block. 

S J (^) — Irneasuredij^) (1) 

and the sub-block is characterized by the set of all step 
responses corresponding to each transition. 

(J s*i-»»'*( T ) 

0<ij<2 N -l 
0<i fc <2 N -l 

Now we view the DUT as recursively organized in various 
sub-blocks. At the topmost level the DUT consists of N such 
gates(see figure. [TJ where kth gate h as ^fc possible input tran- 
sitions at it's input. That is, the length of the input transition 
alphabet to the kth gate is denoted as N^. Furthermore 



• S(k,j,t) denotes the step current response s(r) associ- 
ated with jth transition of the k t h gate. 

• A(k,j,Ii ) Ii-i) denotes the jth transition on the kth 
block is activated, during the interval depending on Ii 
and 

Next we normalize the traces to have a zero mean. So we 
will assume that S(k,j, t) has a zero mean from now onwards. 
We even redefine the activation function as: 

T(k,j, Ii, Ii-i) = 1 if input vector to the k t h gate 
undergoes jth transition 

T(k,j, Ii, Ii-i) = —1 if input vector to the k t h gate 
remains unchanged 

T(k,j,li,li-i)=0 if j>N k 

Note that A(k, , j, Ii, Ii-i) can be written in terms of 

T(k, JJiJ^x) as 

A(k,j,Ii,Ii-i) = - x (1 + T(k,j, Ii, Ii-i)) (2) 

The advantage of this representation is that we can write, 
for M random input transitions 

Af-l 

^ T(ki,ji,Ii,Ii-i)xT(k 2 ,j2,Ii,Ii-i) = iffci ^ k 2 kji ^ J 

i=0 
Af-l 

J2 T(k 1 ,j 1 ,I i ,I i - 1 )xT(k 2 ,j2,Ii,Ii-i) = M iffci = fc 2 &ji = 



JV-l JV fc -l 

S ^ = EE A{k,jJi,Ii-x) x S(k,j,n) (3) 

fe=0 3=0 
N-l iVfc-1 

S (t) = E E 2 X T^hJi-i) x S(k,j,t) (4) 

k=0 j=0 

III. Post-Processing 

Now we want to find out the step current response associ- 
ated with pth transition of the q t h gate. For that purpose we 
apply M random transitions < > at the input which 

also includes transitions that will trigger the event A(p, q, t) 



i=0 

This is based on the assumption that all transitions are inde- 
pendent, and it closely follows the mathematical definition of 
orthogonality over M random input transitions. 

With this notation we can write one power trace for input 
vector transition from to as 
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Fig. 1. Power Consumption Model. 




and multiply each trace by T(p, g, /j, Jj_i) 
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(l + T(k,j,Ii,Ii-i))xS(k,j,t) 
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using minimum cut bisection, and finally arriving at the target 
transition. 

V. Conclusion 

In this article we illustrated a very preliminary outline 
of how power analysis techniques can be used for probing 
each single net behaviour in the circuit, thus acting as an 
oscilloscope even for physically inaccessible components. This 
will beneficial for modelling new technologies based on in- 
circuit measurement. The difference between Side-Channel 
Attacks(SCA) and Side-Channel Oscilloscope(SCO) is that 
Y Y Y {T(k,j,Ii,Ii-i)) x T(p,q,Ii,Ii-i) x S(fc,^y)sCA, the user does not have the full knowledge of the 

circuit. So the functions T(k, j, li, Ii-i) are only guesses. In 
SCO, the user can calculate the activation functions, but for 
him the unknown is the response of the fabricated circuit. The 
major assumptions that we made are that the transitions are 
orthogonal/independent, which may not be true for all circuits, 
however for some amount of interdependence we still get a 
magnification for the target transition, and dependent transition 
current response remains present as noise. This process can 
be further improved by imposing DFT rules, and using more 
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s acc (t)= Y T( -P> 9,Ii,Ii-i) *NxN k x i £ (5(t)) + ^S(p,g,t) com P licated P° st processing techniques such as Principal 



Since we preprocessed the tracesS'(i) to have a zero mean 
we can find out the step current response as 

M 



-S{p,q,t) 



(5) 



Component Analysis as used in Template Attacks fH . 
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IV. Recursive Refinement 

In the above section we outlined a method to find the current 
response associated with the pth transition of the q tn gate. 
This process can continued recursively for the q t h gate until 
we have only a single net, in which case we can derive the 
voltage waveform from the step current response using basic 
circuit behaviour. 

In the above mentioned method, the orthogonality of 
T(k, j, Ii, Ii-i) functions play a pivotal role. Even in Template 
Side-Channel Attacks HI A major step is to find orthogonal 
representation of the acquired traces. To guarantee this orthog- 
onality we can divide a block recursively into two sub-blocks 



